Currently I am using trim , stripslashes and htmlspecialchars to sanitise string data from forms. The data is being forwarded to clients in emails, not entered into a database.

I am considering changing to use just:

filter_var($str, FILTER_SANITIZE_STRING) .

I quite like that FILTER_SANITIZE_STRING completely removes any HTML tags whereas with htmlspecialchars my clients would see some gobbledygook in received emails and would still see the code within HTML tags.